Hiring the hidden gems: Should InfoSec hire from other industries?

By Doug Drinkwater

CSO|

Thinkstock

The InfoSec market is predicted to grow from $75 billion in 2015 to $170 billion by 2020, but – like any child star – it finds itself struggling with growing pains.

An evolving threat landscape, cyber-crime-as-a-service and cyber espionage are the biggest problems for CISOs and law enforcers today, not to mention the record number of data breaches, but there is a bigger, arguably more basic, problem that stunts the market.

Information security has long been suffering from a well-advertised skills gap problem. It’s well cited that (ISC)² says that there will be a shortage of 2 million professionals by 2020, with Cisco putting the current global shortage at closer to 1 million. According to 2015 analysis from Bureau of Labor Statistics by Peninsula Press, more than 209,000 cybersecurity jobs in the U.S. are currently unfilled.

This shortage spans the industry, but in particular, there is a desperate need for data scientists and data analysts, as well as social engineering and digital forensics experts.

This isn’t such hyperbole, for this shortage is already having a day-to-day impact. A (ISC)² study with Frost & Sullivan found that enterprises and their security staff are increasingly blaming breaches on a lack of skilled personnel, with a Vanson Bourne/Intel Security survey revealing that IT managers think that the shortage will make them more likely to be targeted, lose proprietary data or suffer reputational damage.